A Comprehensive Analysis of NVD Concurrency Vulnerabilities

Title: A Comprehensive Analysis of NVD Concurrency Vulnerabilities
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Bo, Lili; Meng, Xing; Sun, Xiaobing; Xia, Jingli; Wu, Xiaoxue
Conference Name: 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)
Keywords: codes, composability, Concurrency, Concurrency Vulnerability, Concurrent computing, CVE, Databases, empirical study, Market research, Metrics, Network security, Programming, pubcrawl, resilience, Resiliency, security, software quality
Abstract

Concurrency vulnerabilities caused by synchronization problems will occur in the execution of multi-threaded programs, and the emergence of concurrency vulnerabilities often causes great threats to the system. Once the concurrency vulnerabilities are exploited, the system will suffer various attacks, seriously affecting its availability, confidentiality and security. In this paper, we extract 839 concurrency vulnerabilities from Common Vulnerabilities and Exposures (CVE), and conduct a comprehensive analysis of the trend, classifications, causes, severity, and impact. Finally, we obtained some findings: 1) From 1999 to 2021, the number of concurrency vulnerability disclosures shows an overall upward trend. 2) In the distribution of concurrency vulnerabilities, race conditions account for the largest proportion. 3) The overall severity of concurrency vulnerabilities is medium risk. 4) The number of concurrency vulnerabilities that can be exploited for local access and network access is almost equal, and nearly half of the concurrency vulnerabilities (377/839) can be accessed remotely. 5) The access complexity of 571 concurrency vulnerabilities is medium, and the number of concurrency vulnerabilities with high or low access complexity is almost equal. The results obtained through the empirical study can provide more support and guidance for research in the field of concurrency vulnerabilities.

Notes

ISSN: 2693-9177

DOI: 10.1109/QRS57517.2022.00012
Citation Key: bo_comprehensive_2022